This is a discussion on Re: OpenSSL 0.9.8b - DTLS1 bug - Openssl ; Hi, This implementation is totally wrong (I posted a complete list of problems I've found), this implementation doesn't follow the rfc at all but works on my Debian box to see where the problem comes from you could use Wireshark ...
This implementation is totally wrong (I posted a complete list of
problems I've found), this implementation doesn't follow the rfc at
all but works on my Debian box
to see where the problem comes from you could use Wireshark (new
version of Ethereal) I have made a dissector that allow you to see
messages...(it's an advice)
If you put pcap file I will try to correct this when I have time (not
before 1 month)
(I have done a patch that I posted a long time ago that correct
version problem and ClientKeyExchange buggy message but don't apply it
to see messages with Wireshark....)
On 8/11/06, Kyle Hamilton
> As I recall, it was someone who was working on it who was having
> patches committed as he implemented it, and never finished it?
> It probably is buggy.
> -Kyle H
> On 8/10/06, ViSolve Security Consulting Group
> > Hi Developers,
> > We have compiled OpenSSL 0.9.8b on HP-UX Itanium Processor Family.
> > While trying to establish a communication between a server and a client=
> > DTLS1 protocol support. The server aborts with a core dump.
> > SSL_accept:SSLv3 write key exchange A
> > d1_both.c(1063): OpenSSL internal error, assertion failed:
> > s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH =3D=3D (unsigned
> > int)s->init_num
> > Abort(coredump)
> > Is it a bug in DTLS1 protocol support in OpenSSL ??
> > The commands we used for SSL server & client are -
> > # openssl s_server -accept 1234 -cert ksb_cert.pem -key ksb_priv_key.pe=
> > -verify 2 -CAfile ca_cert.pem -dtls1 -state -debug
> > # openssl s_client -connect localhost:1234 -verify 2 -CAfile ca_cert.pe=
> > -cert ksb_cert.pem -key ksb_priv_key.pem -dtls1 -state -debug
> > Thanks,
> > ViSolve Security Consulting Group.
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List firstname.lastname@example.org
> Automated List Manager email@example.com
12 rue de la d=E9fense passive
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com